Application Security Testing: An Integral Part of DevOps
Today's article topic is a customization possibility demonstration for a user Web interface of Microsoft CRM. As an example, I'll use MS CRM integration with ASP.Net application, accessing customer data access when customers are stored in an Oracle 10g database. Here's how to begin:
- First, create the table to store customer information in an Oracle database. You'll use an iSQL Web application for table metadata manipulation:
- The table is now created and contains four fields: CUSTOMER_ID, FIRST_NAME, LAST_NAME, and ADDRESS. Fill it with text data:
- Now, work with data access to an Oracle database from the ASP.Net application. You should download http://www.oracle.com Windows Instant Client from the Oracle site. You don't have to install it; just unpack all the files in the directory of your choice—for example, c:\oracle—and set the environmental variable TNS_ADMIN, pointing to this directory.
- In the c:\oracle directory (or where TNS_ADMIN points), create file tnsnames.ora as in the following (change the host and service names):
- Make a correction to the Windows registry to have MS SQL Linked Server work properly with the Oracle OLE DB Provider. In the KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\MTxOCI hive, make these changes:
- Now, create a Linked Server in MS SQL Server 2000:
- Linked Server is now ready. You can test it functioning; open a table list. You should see a customer table there:
- Now, create a stored procedure for Oracle data access:
- The next step is customizing the Microsoft CRM using interface. Add a customer list button into the Quote screen toolbar. Edit isv.config:
<quote> <ToolBar ValidForCreate="0" ValidForUpdate="1"> <Button Title="Customers" ToolTip="Show customers list from Oracle DB" Icon="/_imgs/ico/16_convert.gif" Url="http://APOLLO/MyCustomersList.aspx" PassParams="1" WinParams="" WinMode="1"/> </ToolBar> <NavBar ValidForCreate="0" ValidForUpdate="1"> </NavBar> </quote>Change the URL to your host name.
- To create an ASPX page, use RAD for ASP.Net - WebMatrix:
- Create a new page for data access:
- Change its code to access your data:
- Now, test your Web application by calling it from MS CRM:
ORCL1 = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP) (HOST = oraclehost.yourdomain.com) (PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = ORCL1) ) )
OracleXaLib = "oracleclient8.dll" OracleSqlLib = "orasql8.dll" OracleOciLib = "oci.dll"
Note: On the Security tab, you need to use a security context with the credentials so that you have valid access to the Oracle Database.
SET ANSI_NULLS ON SET ANSI_WARNINGS ON GO CREATE PROCEDURE MyCustomersList AS SELECT * FROM OPENQUERY(ORACLE, 'SELECT * FROM Customer') RETURN
Sub Page_Load(Sender As Object, E As EventArgs) Dim ConnectionString As String = "server=(local);database=Albaspectrum; trusted_connection=true" Dim CommandText As String = "EXEC MyCustomersList" Dim myConnection As New SqlConnection(ConnectionString) Dim myCommand As New SqlCommand(CommandText, myConnection) myConnection.Open() DataGrid1.DataSource = myCommand.ExecuteReader (CommandBehavior.CloseConnection) DataGrid1.DataBind() End Sub
About the Author
Boris Makushkin is a lead software developer with Alba Spectrum Technologies, a USA Nationwide MS CRM consulting company.